50 BILLION REASONS TO ACT
Five years ago, according to Cisco stats, the number of things connected to the Internet surpassed the number of people on Earth. By 2020, the number of connected objects—appliances, vehicles, medical implants, servers, livestock, toys, and essentially everything with a sensor and a need to communicate data—will reach 50 billion. We cannot even begin to grasp the infinite ways in which such a networked world will transform our everyday lives. The amount of control this connectivity will provide over our world and ourselves seems unbounded.
Yet where there is communication, there is risk. In 2010, the Stuxnet computer worm provided stark evidence of a future in which widely propagated but undetected malware could float around the world, invisibly biding its time, until finding the one precise type of system it was designed to target and destroy. Stuxnet specifically targeted Siemens industrial equipment in Iranian nuclear facilities, but the worm’s larger significance should be clear: We are not safe.
The more connected our devices, the larger our attack surface. Those 50 billion things on the Internet represent 50 billion cells waiting for the right pathogen to slip in and wreak havoc on the surrounding body. If the world is connected, the world and its daily operations—its banking and commerce, private messages and records, utilities, and services—are all at risk. And it’s not even the threat of malware-induced damage that keeps some industry insiders awake at night; it’s a knowledge of the fragility of today’s security infrastructure and how unprepared that security is to protect another 30 or 40 billion nodes.
This is the key message at the core of today’s computing: Trust is essential. If people and businesses cannot trust their systems and the connections between them, economic growth and the advance of computing may suffer, and that is a far larger long-term threat than any individual malware exploit.
For over 30 years, performance has been the driving force behind processor evolution. Today, the battle of megahertz milestones may be less prominent in the headlines, but the war for total performance through multi-threading, task-specific logic (such as Intel® Advanced Encryption Standard New Instructions [Intel® AES-NI]), and ever-increasing power efficiency charges on. The problem is that even chart-topping performance is no longer enough. Malware can bring even the most powerful systems to their knees. Future platforms must combine enabling performance with implicit trust. With Intel’s acquisition of McAfee, the foundations of that future are being built now.
“In prior generations, processors focused on doing specific tasks, and security was just another thing you ran on the chip,” says noted tech analyst and Forbes contributor Rob Enderle. “But Intel recognized that you actually had to build security into the hardware because attackers were becoming far too capable for just traditional, software-based approaches to the problem. Intel knew this wasn’t just a PC problem. This was a problem with all connected devices. That’s why they needed McAfee’s core expertise brought in.”
THE FUTURE AT STAKE
In 2010, Intel announced that it would acquire McAfee, Inc. Many pundits found this move surprising, but the necessity of the merger becomes clear when one examines their vision for the future.
Under the old computing paradigm, viewing security as another app to run on a processor, the acquisition makes no sense. Intel sells chips. McAfee sells security solutions. Why would Intel suddenly want to enter the security software business? Industry pundits and expert analysts echoed this exact thought in 2012, and some raised questions such as, “What is the point of the semiconductor company moving aggressively into security software when the real issue it faced was the mobility challenge?”
Critics in 2012 might not have been aware of Intel’s many present and forthcoming forays into 22nm ultramobile processors, including the groundbreaking Silvermont, Bay Trail, Merrifield, and 6331 chips. Five years into the Intel® Atom™ processor-based ultramobile strategy, Intel’s efforts are finally bearing fruit. (As a case in point, note Intel’s design win for its Atom Z2560 processor in the new Samsung GALAXY* Tab 3.) However, the point that analysts and others seek is that all of the performance and energy efficiency imaginable won’t matter if a device falls prey to malware. Performance and security must be two sides of the same coin—or else.
Figure 1: Malware discoveries by year.
If the question is one of handheld devices, then data from NQ Mobile’s 2012 Security Report paint a stark picture of today’s mobile security landscape: 163 percent year-over-year malware growth (Figure 1), 28 percent of mobile malware discovered illicitly collected personal user data, and 7 percent was designed to completely sabotage (“brick”) the device outright.
This is the landscape into which Intel is stepping with its next-generation mobile processors. And just as the world of mobile computing has risen to the same—if not greater—prominence as desktop computing, it follows that the mobile threat landscape will soon resemble that of the desktop and server spaces. Where there is opportunity for mayhem and profit, hackers and criminals will follow.
The financial cost of insecure computing has progressed from startling to staggering. In March 2013, IDC released a Microsoft-sponsored study titled “The Dangerous World of Counterfeit and Pirated Software.” Study authors state, “IDC estimates that the direct costs to enterprises from dealing with malware from counterfeit software will hit USD 114 billion this year (Figure 2). The potential losses from data breaches could reach nearly USD 350 billion.”
Figure 2: The Total Cost to Enterprise.
These numbers are based only on issues derived from counterfeit software on work computers. Extrapolate from there and consider the rising tides of mobile malware, social media-based scams, drive-by exploits, network-injected rootkits, and all manner of other threats that have nothing to do with counterfeit software. (For some really horrifying fun, check out Lumension’s True Cost of Malware Calculator.)
All of this still leaves the central question on the table: Yes, the security landscape is going from bad to worse, but why does that necessitate Intel acquiring a top-tier security organization? Synergy. The collaboration of Intel and McAfee minds has resulted in hardware and software security solutions to better protect computing—from device to cloud.
Intel wants to build safer platforms, and that means enabling security at the lowest level possible. Rootkits and other exploits have amply proven that the application, driver, operating system, and hypervisor layers of the computing stack are all compromised. Criminals know how to inject exploits at these levels, and they’re getting better at it daily. In the security game, whoever gets lower in the stack wins, and the lowest layer is hardware: CPUs, chipsets, and network interfaces.
On their own, McAfee and other security providers can’t establish their security technologies at the hardware layer. Intel and other hardware manufacturers can, but they lack the decades of hard-earned expertise accumulated by top-ranking security vendors. Somehow, like two people speaking two languages from opposite ends of the world, these two ends of the industry had to find a way to collaborate effectively and with decisive speed.
Could Intel have tried to tackle mastering security and competed against other security vendors? Perhaps, but that would have taken years of trial and error with no guarantee of success. Similarly, could Intel have pursued the industry committee approach? Definitely, but anyone who has examined the timetables involved in drafting, refining, and publishing industry standards, as Intel has countless times, knows that such efforts typically run for many years. As a case in point, consider the 802.11ac WiFi* standard, which started out with an IEEE task group in late 2008 and won’t have final approval until 2014—and that’s for an incremental improvement on tried and true WiFi, not a new approach to security.
No, if 50 billion devices were going to be connected in this decade, deep security at the hardware layer was essential. The company had to acquire a world-class security engineering organization and meld it with its own engineering groups. The right company at the right time was McAfee.
A STRATEGY MADE CLEAR
If much of the above seems like an overpowering dose of doom and gloom, take heart. In the big picture, all of these problems, and all of the counterbalancing solutions being aligned against them, are matters of scale. The threats get bigger, but security tools continue to step up users’ defensive game by becoming more robust and neutralizing threats at their roots. Recall the buffer overflow exploits leveraged by the infamous Code Red (2001) and SQL Slammer (2003) worms. These intentional memory-resource violations caused uncountable millions of US dollars in damage, but they can now be mitigated through various means. One countermeasure is the use of executable space protection, which allows buffer overflows to exist within program memory but not to execute arbitrary (and often hostile) code when both the CPU and host software mark the data pages as protected. Intel introduced this feature into its consumer processors as the eXecute Disabled (XD) bit in its 2004 “Prescott” Intel® Pentium® 4 processors.
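As an added illustration (not part of the original article and not Intel or McAfee code), the C program below audits a Linux /proc/<pid>/maps listing for regions that are both writable and executable, the condition that executable space protection is meant to rule out. The sample lines are constructed, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

struct mapping { unsigned long long start, end; char perms[5]; char path[128]; };

/* Parse one /proc/<pid>/maps line (Linux); returns 1 on success, 0 if malformed. */
int parse_maps_line(const char *line, struct mapping *m)
{
    unsigned long long off;
    unsigned long inode;
    char dev[16];
    m->path[0] = '\0';   /* anonymous mappings have no path field */
    int n = sscanf(line, "%llx-%llx %4s %llx %15s %lu %127[^\n]",
                   &m->start, &m->end, m->perms, &off, dev, &inode, m->path);
    return n >= 6 && strlen(m->perms) == 4 && m->end > m->start;
}

/* Writable and executable at once: bytes written by an overflow could run as code. */
int is_wx(const struct mapping *m) { return m->perms[1] == 'w' && m->perms[2] == 'x'; }

/* Count W+X regions in a NULL-terminated list of lines; *bad gets the malformed count. */
int count_wx(const char *const *lines, int *bad)
{
    int hits = 0;
    for (*bad = 0; *lines; lines++) {
        struct mapping m;
        if (!parse_maps_line(*lines, &m)) { (*bad)++; continue; }
        if (!is_wx(&m)) continue;
        printf("W+X: %llx-%llx %s %s\n", m.start, m.end, m.perms,
               m.path[0] ? m.path : "[anonymous]");
        hits++;
    }
    return hits;
}

/* Constructed sample input, not captured from a real system. */
static const char *const SAMPLE[] = {
    "00400000-0040b000 r-xp 00000000 08:01 131090 /usr/bin/demo",
    "0060b000-0060c000 rw-p 0000b000 08:01 131090 /usr/bin/demo",
    "7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0",
    "7ffd5e1f0000-7ffd5e211000 rwxp 00000000 00:00 0 [stack]",
    "not a maps line",
    NULL
};

int main(void)
{
    int bad, hits = count_wx(SAMPLE, &bad);
    printf("%d W+X region(s), %d malformed line(s)\n", hits, bad);
    return hits != 0;   /* non-zero exit when any W+X region is found */
}
```

On a system where XD is enabled in the CPU and honored by the operating system, data regions such as the stack and heap normally appear as `rw-p`; an `rwxp` stack or anonymous region is the finding worth investigating.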
The XD bit is only one of many silicon-level security features that Intel has implemented over the years. Consider Intel® Trusted Execution Technology (Intel® TXT), which works in conjunction with a Trusted Platform Module (another hardware security effort in which Intel was a key player) and system software to ensure that applications and the system image itself are operating in a tamper-free, fully trusted environment. Since early 2010, the aforementioned AES-NI logic has been accelerating AES-based cryptographic throughput by 5x to 10x, bringing industry-standard encryption within the reach of consumers and businesses without the system-crippling overhead of running that cryptography without CPU optimization.
In many ways, the McAfee DeepSAFE™ technology, jointly developed by Intel and McAfee, is only a continuation of these silicon-plus-software security innovations. Malware authors have extensively compromised the application and operating layers of the system stack. They cannot, however, penetrate directly into the system foundation—its processor hardware. To use the castle defense analogy, imagine that the CPU is the bedrock far under the castle (the software stack). Previously, attackers have employed rootkits and other methods of burrowing under the lowest castle levels to breach the castle’s defense. With DeepSAFE, Intel and McAfee add a new, heavily armed sub-cellar directly on top of the bedrock, equipped with a stone-reinforced tunnel straight to more resources (third-party security apps) on the surface. This doesn’t magically keep the castle safe from all assault, but it prevents a whole host of possible burrowing attacks to which the castle was previously prone, attacks that could prove particularly threatening in the mobile sphere.
Intel’s mission statement, “This decade, we will create and extend computing technology to connect and enrich the lives of every person on earth,” represents a grand vision for the near future that is larger than mobility or the cloud or the Internet of Things. It is about empowering everyone through computing. This vision requires three essential elements: (1) energy-efficient performance, so that increasing functionality is sustainable; (2) pervasive connectivity; and (3) security—especially the kind of deeply embedded security discussed here. There’s no getting rid of the doom and gloom; people must understand the stakes involved and risks at hand. But those risks can be kept in check by staying one step ahead of (or below) attackers through the adoption of Intel/McAfee security technologies.
Even though the two companies’ merger is fairly recent, the fruits of their forward-looking collaboration are already reaching the market, including:
- McAfee LiveSafe™. Designed for the rapidly increasing number of homes juggling a range of Internet-connected devices, LiveSafe protects computers and handhelds alike against all manner of malicious activity—everything from theft to malware to hostile websites. LiveSafe exemplifies that security isn’t just about stopping nefarious code. The service also gives users a cloud-based “safety deposit box” for their important and private files. Access to this digital vault requires biometric verification.
- McAfee Deep Defender. A next generation of hardware-enhanced endpoint security, enabled by McAfee DeepSAFE Technology. It operates beyond the operating system to detect, block, and remediate advanced, hidden attacks. Reinventing the industry approach to security, it’s the first product co-developed with Intel on the McAfee DeepSAFE Technology.
- McAfee ePO Deep Command. Providing secure and remote security management access to PCs, ePO Deep Command uses Intel® vPro™ Active Management Technology (AMT) to deliver beyond the operating system management, reducing security operation costs while enhancing security posture. It enables secure remote access regardless of the PC’s power or encrypted state so security administrators can remotely remediate compromised systems, enable energy-saving initiatives, wake systems, and apply proactive security.
- McAfee Network Security Platform 7.5. Intrusion Protection System (IPS) appliances safeguard enterprise perimeters, inspecting all inbound (and sometimes outbound) network traffic for threats. This might include advanced malware analysis, deep file analysis for malicious executables, bot detection, and much more. The McAfee Network Security Platform 7.5 integrates Intel® Xeon™ E5 processors, pushing throughput up to 40 Gbps. This leap in processing will enable a greater range of features to better thwart potential risks.
In a way, all of these products serve as proof points for the vision that Intel and McAfee now share. There must be trust between people and their devices, and this trust hinges on driving security into the silicon fabric underlying our digital infrastructure. Folding in McAfee’s experience and the tremendous intelligence of McAfee Labs is only a very large step—no doubt the largest ever—in this exciting journey toward a future of more secure, life-changing opportunity through computing.
ABOUT THE AUTHOR
In 1997, William Van Winkle transitioned into technical journalism from end-user and enterprise PC sales. Since then, he has written for many publications and outlets, including PC Magazine, PC World, LAPTOP, CPU, Processor, Computer Shopper, Tom’s Hardware, and Tom’s IT Pro. William joined the team of writing muses at RH+M3 in 2012. Living in Hillsboro, Oregon, he spends his off hours in pursuit of four kids, a Great Dane, and speculative fiction authorship.